You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Tom Bednarz <li...@bednarz.ch> on 2004/04/07 19:08:43 UTC

Container vs application managed security - Role checking

After reading lots of online docs and parts of 'Struts in Action' I decided to stay with my implementation of application managed security. However I like to make use of a new feature introduced in Struts 1.1: role checking for actions.

As far as I understand it, I need to make my own implementation of processRoles in class RequestProcessor.

The question is:

When I subclass RequestProcessor, where do I have to put this class? Separate JAR file or can it go somewhere inside my web application? I subclassed the Action class and derived all actions from that class. That worked fine inside the app. But I do not see any direct calls to RequestProcessor, this seems to be done inside the framework.

Can somebody help?

Many thanks.

Tom